Cyber Incident Victim: Embassy of the Republic of Azerbaijan in the Kingdom of the Netherlands
Date:
Sep 2016
Location:
Netherlands
Summary
Armenian hacker groups, including the Monte Melkonian Cyber Army and associates, breached and defaced multiple Azerbaijani diplomatic and government websites, including its embassy in the Netherlands, while leaking sensitive military, police, and banking data. The attackers exfiltrated personal information of thousands of individuals, including officers and bank customers, and publicly disseminated the data as part of an ongoing cyber conflict linked to the Nagorno-Karabakh dispute. The incident demonstrated continued digital hostilities between Armenian and Azerbaijani actors, with hackers targeting critical infrastructure to advance geopolitical objectives.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On September 25, 2016, Armenian hacking group Monte Melkonian Cyber Army (MMCA) executed a coordinated cyber attack targeting Azerbaijani government and financial institutions. The group leaked datasets purportedly containing sensitive information from Azerbaijani banks, military, and police servers, framing the operation as a "precious gift" to Azerbaijanis on the 25th anniversary of Armenian independence. MMCA representatives communicated directly with media outlet HackRead via email to claim responsibility. The leaked data included personal details of approximately 1,200 Azerbaijani military and police officers—names, ID numbers, phone numbers, and residential addresses—distributed through pastie sites. A separate folder contained profiles of 46 specific officials, including deceased military officer Bayramov Vaqif Dilqem Oglu, whose records were presented as evidence of data authenticity. Concurrently, another Armenian group using aliases "Noyer_1K" and "n0p_c0ntr01" released a customer database from an Azerbaijani bank containing personal information of roughly 10,000 individuals. HackRead's analysis confirmed three additional folders with banking details affecting over 9,000 customers.
The attack extended beyond data leaks to website defacements targeting Azerbaijan's diplomatic presence. MMCA compromised the official websites of Azerbaijani embassies in Bulgaria, the Netherlands, and Qatar, along with the Ministry of Foreign Affairs AIDA portal. Zone-h mirror links documenting these defacements were publicly shared as proof of intrusion. While HackRead's review found no substantive intelligence value in the leaked data, the incident exemplified the ongoing cyber conflict between Armenia and Azerbaijan dating to 2013. Historical context revealed MMCA's prior leak of 5,000 Azerbaijani citizen ID documents, with both nations' hacker groups routinely targeting critical infrastructure amid unresolved hostilities stemming from the Nagorno-Karabakh territorial dispute. The absence of diplomatic relations between the two countries provided persistent motivation for such retaliatory cyber operations, though no official Azerbaijani response to this specific incident was documented in available sources.